commit-rules

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions on how to use the git commit command correctly within a sandboxed environment, specifically advising against heredoc syntax due to file system restrictions. This is a functional constraint rather than a security risk.
  • [INDIRECT_PROMPT_INJECTION]: The instructions suggest matching the style of existing commits by reading git log. While this involves ingesting external data (repository history), the scope is limited to stylistic formatting of commit messages and does not involve executing the retrieved data or using it in a way that could lead to agent subversion.
  • [SAFE]: The skill enforces security-positive behaviors, such as explicitly forbidding the bypassing of GPG commit signing and providing instructions for user intervention if signing fails.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:58 PM